HongMeng Kernel

HongMeng Kernel (Chinese: 鸿蒙内核; pinyin: Hóngméng nèihé) is a computer operating system kernel developed by Huawei. It is used in the HarmonyOS NEXT version of the HarmonyOS operating system, replacing previous versions that relied on the AOSP compatibility layer, Linux kernel, and LiteOS kernel.^[1][2]

HongMeng Kernel
Developer	Huawei
Written in	C
OS family	OpenHarmony
Working state	Current
Source model	Closed, with open source components
Initial release	August 2023; 1 year ago (2023-08)
Latest preview	1.10.0 / June 6, 2025; 46 days ago (2025-06-06)
Supported platforms	Current: ARM64
Kernel type	Microkernel
License	Commercial software, Proprietary software except for open-source components
Preceded by	OpenHarmony ChCore (Monolithic) kernel, LiteOS (RTOS) kernel

The HongMeng Kernel adopts a microkernel architecture, designed to enhance security and performance by isolating critical system components.^[1][2]

Kernel design

HarmonyOS NEXT Architecture

HongMeng kernel is a microkernel at rich executed environment level for software outside hardware-based HarmonyOS TEE kernel, enabling greater modularity and larger portions of the OS to benefit from memory protection at kernel mode. While retaining the speed of monolithic mainline Linux kernel compatibility subsystem of modular OpenHarmony standard system within its kernel abstraction layer as compatibility layer with POSIX APIs and third-party musl-libc integrated support for bigger advanced devices for some critical tasks at user mode of HarmonyOS operating system commercial distro. The kernel has Linux ABI compatibility by placing an ABI-compatible shim in IC0 (kernel space), which redirects Linux system calls to IPC and serves as a central repository for global state. The kernel also reuses Linux drivers through driver containers, which balances between compatibility and critical path performance, while having control plane and data plane separation to improve performance. HongMeng kernel capabilities in context switching, network, application startup time, load, frame loss, interrupt latency, etc., and also performance optimised in smart routers and smart vehicles.^[3][4][5]

Achieving Linux ecosystem compatibility through interface simulation

Self-developed drivers coexist with the Linux driver ecosystem

As of June 5, 2025^[update], HongMeng kernel runs on ARM64 devices on HarmonyOS NEXT 5.1.0.110 version with current version 1.10.0.^[6]

HongMeng kernel objects used as carriers for data transmission during IPC communication. The capability system ensures only the capability to read from or write to kernel objects can receive or send messages through these objects. As a result, the content of messages has inability to insert malicious processes.^[7][8]

HongMeng kernel adopts a microkernel architecture that reduces the kernel TCB (Trusted Code Base). Compared to traditional monolithic kernels such as Linux kernel,^[9] the kernel code in HongMeng kernel is less than one-fourth in size, significantly reducing occurrence of vulnerabilities on the kernel.^[8][10]

On HongMeng kernel, the HKIP module provides various protection mechanisms. Other than code, the read-only data, and kernel page table, other critical structures within the kernel are not protected by HKIP. The finer-grained kernel module isolation featured in HongMeng kernel, which divides kernel resources into multiple types, different types are managed by corresponding modules, and modules communicate with each other through the IPC mechanism, which has a better effect on multiple modules defense against attacks. Then it divides the permissions between modules in a fine-grained manner and communicates between modules through IPC, making it difficult for attackers to evolve the attack results of one module into the attack results of the entire system. HongMeng kernel loads the driver in user mode, making it difficult to trigger an attack against drivers to an attack against the kernel EL1 layer by strictly obtaining only EL0 permissions.^[5][8]

HKIP Kernel Integrity Protection Based on Hardware Virtualization Capability

HongMeng kernel has file system protection in place, using different keys for different contexts to protect the confidentiality and integrity of code and data files, and key management with the Secure Enclave (TrustZone, security chip) isolated from the kernel. Manufacturers and system developers can use hardware security primitives alongside third-party to first-party chip designs provided by processors to achieve a higher level of security privileges than the kernel. Even after an attacker compromises the HongMeng kernel, the system relies on a hypervisor or secure monitor that is lower than the kernel and has a smaller TCB. The TrustZone and security chip, which are isolated from the rich executed environment REE kernel, ensures the security of users' sensitive data.^[8][11]

See also

• Kernel (operating system)
• OpenHarmony
• HarmonyOS NEXT – iterative operating system released by Huawei, with HarmonyOS as kernel
• HarmonyOS – operating system released by Huawei, with HarmonyOS kernel as kernel

Further reading

• Haibo, Chen Huawei Central Software Institute and Shanghai Jiao Tong University (21 June 2024), Microkernel Goes General:

Performance and Compatibility in the HongMeng Production Microkernel from the original on June 21, 2024. Retrieved 2024-07-10.^[12]